Administration Console Online Help

Configure Authentication and Identity Assertion providers

WebLogic Server offers the following types of Authentication and
Identity Assertion providers:

The WebLogic Authentication provider allows you to manage users and
groups in one place, the embedded LDAP server. Note that the
Administration Console refers to the WebLogic Authentication provider
as the Default Authenticator. For more information, see Configuring the
WebLogic Authentication Provider.

Note: You are not limited to these LDAP
Authentication providers. To use an LDAP server other than the
supported LDAP servers, choose the LDAP server type that has the
closest defaults to the LDAP server you want to use and modify the
attribute values accordingly.

Note: When configuring an LDAP Authentication provider, the value you
enter for principal on the Provider-Specific tab must be an LDAP
administrator who has the privilege to search users and groups in the
corresponding LDAP server. If the LDAP administrator does not have
privileges to search the LDAP server, an LDAP exception with error
code 50 is generated.

Note: The WebLogic SAML Authentication provider can be used with both
the SAML Identity Asserter (for SAML 1.1) and the SAML 2.0 Identity
Asserter to allow virtual users to log in. For important usage notes,
see Configuring the SAML Authentication Provider.

Oracle recommends that you configure the Password Validation provider
immediately after configuring a new WebLogic domain. The Password
Validation provider, which is included with WebLogic Server, can be
configured with several out-of-the-box authentication providers to
manage and enforce password composition rules. Whenever a password is
created or updated in the security realm, the corresponding
authentication provider automatically invokes the Password Validation
provider to ensure that the password meets the composition requirements
that are established. For more information, see Configure the Password
Validation provider.

In addition, you can use a Custom Authentication provider, which
offers different types of authentication technologies. For more
information, see Configure custom security providers.

Each security realm must have at least one Authentication
provider configured. The WebLogic Security Framework is designed to
support multiple Authentication providers (and thus multiple
LoginModules) for multipart authentication. Therefore, you can use
multiple Authentication providers as well as multiple types of
Authentication providers in a security realm. The Control Flag attribute
determines how the LoginModule for each Authentication provider is used
in the authentication process. For more information, see Set the JAAS control
flag.
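
The following added example (not part of the original help page and not Oracle code) models how the standard JAAS control flags combine across an ordered list of Authentication providers. The provider names, the two-provider realm and the login outcomes are constructed for illustration.

```python
# Added illustration: models JAAS control-flag evaluation for a realm's
# ordered Authentication providers. Names and outcomes are constructed.
REQUIRED, REQUISITE = "REQUIRED", "REQUISITE"
SUFFICIENT, OPTIONAL = "SUFFICIENT", "OPTIONAL"


def evaluate(providers, outcomes):
    """Return (authenticated, consulted) for one login attempt.

    providers: ordered list of (name, control_flag) as listed in the realm.
    outcomes:  dict name -> True/False, whether that provider's LoginModule
               accepts the credentials (constructed test input).
    """
    required_failed = False   # a REQUIRED module has failed so far
    any_success = False       # at least one module accepted the login
    consulted = []
    for name, flag in providers:
        consulted.append(name)
        if outcomes[name]:
            # A SUFFICIENT success ends evaluation, unless a REQUIRED
            # module earlier in the list has already failed.
            if flag == SUFFICIENT and not required_failed:
                return True, consulted
            any_success = True
        elif flag == REQUISITE:
            return False, consulted    # fail immediately, skip the rest
        elif flag == REQUIRED:
            required_failed = True     # keep going, but the login will fail
        # A failed SUFFICIENT or OPTIONAL module: continue down the list.
    return (any_success and not required_failed), consulted


# Constructed scenario: a user who exists only in the external LDAP server.
LDAP_ONLY_USER = {"DefaultAuthenticator": False, "CorpLDAP": True}

# LDAP provider added while the first provider stays REQUIRED.
MISCONFIGURED = [("DefaultAuthenticator", REQUIRED), ("CorpLDAP", SUFFICIENT)]
# Both providers SUFFICIENT: either user store can authenticate the user.
CORRECTED = [("DefaultAuthenticator", SUFFICIENT), ("CorpLDAP", SUFFICIENT)]

if __name__ == "__main__":
    for label, stack in (("misconfigured", MISCONFIGURED),
                         ("corrected", CORRECTED)):
        ok, seen = evaluate(stack, LDAP_ONLY_USER)
        print("%s: authenticated=%s consulted=%s" % (label, ok, seen))
```

In the misconfigured ordering, the LDAP-only user is rejected even though the LDAP provider accepts the credentials, because the REQUIRED provider ahead of it failed.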

To configure an Authentication or Identity Assertion provider:

1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).

2. In the left pane, select Security Realms and click the name of the realm you are configuring (for example, myrealm).

3. Select Providers > Authentication and click New.

   The Create a New Authentication Provider page appears.

4. In the Name field, enter a name for the Authentication provider.

5. From the Type drop-down list, select the type of the Authentication provider and click OK.

6. Select Providers > Authentication and click the name of the new Authentication provider to complete its configuration.

7. On the Configuration page for the Authentication provider, set the desired values on the Common and Provider-Specific tabs.